mirror of https://github.com/databricks/cli.git
156 lines
4.5 KiB
Go
Executable File
156 lines
4.5 KiB
Go
Executable File
// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
|
|
|
|
package access_control
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/databricks/cli/cmd/root"
|
|
"github.com/databricks/cli/libs/cmdio"
|
|
"github.com/databricks/cli/libs/flags"
|
|
"github.com/databricks/databricks-sdk-go/service/iam"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
var Cmd = &cobra.Command{
|
|
Use: "access-control",
|
|
Short: `These APIs manage access rules on resources in an account.`,
|
|
Long: `These APIs manage access rules on resources in an account. Currently, only
|
|
grant rules are supported. A grant rule specifies a role assigned to a set of
|
|
principals. A list of rules attached to a resource is called a rule set.`,
|
|
Annotations: map[string]string{
|
|
"package": "iam",
|
|
},
|
|
}
|
|
|
|
// start get-assignable-roles-for-resource command
|
|
var getAssignableRolesForResourceReq iam.GetAssignableRolesForResourceRequest
|
|
|
|
func init() {
|
|
Cmd.AddCommand(getAssignableRolesForResourceCmd)
|
|
// TODO: short flags
|
|
|
|
}
|
|
|
|
var getAssignableRolesForResourceCmd = &cobra.Command{
|
|
Use: "get-assignable-roles-for-resource RESOURCE",
|
|
Short: `Get assignable roles for a resource.`,
|
|
Long: `Get assignable roles for a resource.
|
|
|
|
Gets all the roles that can be granted on an account level resource. A role is
|
|
grantable if the rule set on the resource can contain an access rule of the
|
|
role.`,
|
|
|
|
Annotations: map[string]string{},
|
|
Args: func(cmd *cobra.Command, args []string) error {
|
|
check := cobra.ExactArgs(1)
|
|
return check(cmd, args)
|
|
},
|
|
PreRunE: root.MustAccountClient,
|
|
RunE: func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
a := root.AccountClient(ctx)
|
|
|
|
getAssignableRolesForResourceReq.Resource = args[0]
|
|
|
|
response, err := a.AccessControl.GetAssignableRolesForResource(ctx, getAssignableRolesForResourceReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
},
|
|
// Disable completions since they are not applicable.
|
|
// Can be overridden by manual implementation in `override.go`.
|
|
ValidArgsFunction: cobra.NoFileCompletions,
|
|
}
|
|
|
|
// start get-rule-set command
|
|
var getRuleSetReq iam.GetRuleSetRequest
|
|
|
|
func init() {
|
|
Cmd.AddCommand(getRuleSetCmd)
|
|
// TODO: short flags
|
|
|
|
}
|
|
|
|
var getRuleSetCmd = &cobra.Command{
|
|
Use: "get-rule-set NAME ETAG",
|
|
Short: `Get a rule set.`,
|
|
Long: `Get a rule set.
|
|
|
|
Get a rule set by its name. A rule set is always attached to a resource and
|
|
contains a list of access rules on the said resource. Currently only a default
|
|
rule set for each resource is supported.`,
|
|
|
|
Annotations: map[string]string{},
|
|
Args: func(cmd *cobra.Command, args []string) error {
|
|
check := cobra.ExactArgs(2)
|
|
return check(cmd, args)
|
|
},
|
|
PreRunE: root.MustAccountClient,
|
|
RunE: func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
a := root.AccountClient(ctx)
|
|
|
|
getRuleSetReq.Name = args[0]
|
|
getRuleSetReq.Etag = args[1]
|
|
|
|
response, err := a.AccessControl.GetRuleSet(ctx, getRuleSetReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
},
|
|
// Disable completions since they are not applicable.
|
|
// Can be overridden by manual implementation in `override.go`.
|
|
ValidArgsFunction: cobra.NoFileCompletions,
|
|
}
|
|
|
|
// start update-rule-set command
|
|
var updateRuleSetReq iam.UpdateRuleSetRequest
|
|
var updateRuleSetJson flags.JsonFlag
|
|
|
|
func init() {
|
|
Cmd.AddCommand(updateRuleSetCmd)
|
|
// TODO: short flags
|
|
updateRuleSetCmd.Flags().Var(&updateRuleSetJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
|
|
|
}
|
|
|
|
var updateRuleSetCmd = &cobra.Command{
|
|
Use: "update-rule-set",
|
|
Short: `Update a rule set.`,
|
|
Long: `Update a rule set.
|
|
|
|
Replace the rules of a rule set. First, use get to read the current version of
|
|
the rule set before modifying it. This pattern helps prevent conflicts between
|
|
concurrent updates.`,
|
|
|
|
Annotations: map[string]string{},
|
|
PreRunE: root.MustAccountClient,
|
|
RunE: func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
a := root.AccountClient(ctx)
|
|
|
|
if cmd.Flags().Changed("json") {
|
|
err = updateRuleSetJson.Unmarshal(&updateRuleSetReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
} else {
|
|
return fmt.Errorf("please provide command input in JSON format by specifying the --json flag")
|
|
}
|
|
|
|
response, err := a.AccessControl.UpdateRuleSet(ctx, updateRuleSetReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
},
|
|
// Disable completions since they are not applicable.
|
|
// Can be overridden by manual implementation in `override.go`.
|
|
ValidArgsFunction: cobra.NoFileCompletions,
|
|
}
|
|
|
|
// end service AccountAccessControl
|